Translate This Blog

3/30/09

A cyber spy network based almost entirely in China has hacked into computer networks around the world, stealing classified information from governments and private organisations in more than 100 countries, a team of Canadian researchers has reported.

The system, dubbed "GhostNet" by the researchers, infiltrated networks in dozens of embassies, foreign ministries, government departments and offices in several cities belonging to the Dalai Lama's Tibetan government-in-exile, the Canadian team said.

The network was uncovered after the Munk Centre for International Studies was initially approached by the Dalai Lama's office to investigate allegations of Chinese espionage.

In over 10 months of study, they then found a far larger spy network, targeting more than 1,295 infected computers in 103 countries.

'High-value targets'

According to one of the researchers, close to 30 per cent of the infected computers "are considered high-value political and economic targets".

They include computers located at ministries of foreign affairs, embassies, international organisations, news media, and NGOs, Ronald Deibert, director of Munk's Citizen Lab, wrote in an email.

The study did not name specifically which governments had been targeted by the spy network, although the researchers said the system was focused on the governments of South and Southeast Asian nations.

They said they had seen no evidence that US government offices had been breached.

The researchers said the GhostNet system - which they described as still active - had been armed with a wide-ranging set of tools, including the ability to retrieve documents, and turn on web cameras and audio systems to act as remote listening posts.

The study found that the network was based almost exclusively in China, although the researchers stopped short of saying the Chinese government was involved in the system.

Easy to hide

"One of the characteristics of cyber-attacks of the sort we document here is the ease by which attribution can be obscured," Deibert said.

"Regardless of who or what is ultimately in control of GhostNet, it is the capabilities of exploitation, and the strategic intelligence that can be harvested from it, which matters most."

He said the study highlighted the growing capabilities of cyber attacks and the ease with which the internet can be used to gather high value and sensitive information.

Speaking to The New York Times, a spokesman for the Chinese Consulate in the city dismissed the idea China was involved.

"These are old stories and they are nonsense," Wenqi Gao, told the paper.

"The Chinese government is opposed to and strictly forbids any cybercrime."